

<!DOCTYPE html>
<html lang="zh-CN" data-default-color-scheme=auto>



<head>
  <meta charset="UTF-8">
  <link rel="apple-touch-icon" sizes="76x76" href="/img/fluid.png">
  <link rel="icon" href="/img/fluid.png">
  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, shrink-to-fit=no">
  <meta http-equiv="x-ua-compatible" content="ie=edge">
  
  <meta name="theme-color" content="#2f4154">
  <meta name="author" content="Jiashi">
  <meta name="keywords" content="">
  
    <meta name="description" content="1 静态分析基础技术引言 使用反病毒软件来确认程序样本的恶意性；  使用哈希来识别恶意代码；  从文件的字符串列表、函数和文件头信息中发掘有用信息。">
<meta property="og:type" content="article">
<meta property="og:title" content="恶意代码分析">
<meta property="og:url" content="https://jiashi19.gitee.io/2023/10/16/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%88%86%E6%9E%90/index.html">
<meta property="og:site_name" content="Blog from js19">
<meta property="og:description" content="1 静态分析基础技术引言 使用反病毒软件来确认程序样本的恶意性；  使用哈希来识别恶意代码；  从文件的字符串列表、函数和文件头信息中发掘有用信息。">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://s2.loli.net/2023/10/13/heJj67dS2GIwVyi.png">
<meta property="og:image" content="https://s2.loli.net/2023/10/14/sJQyBRW7ujvAmiG.png">
<meta property="og:image" content="https://s2.loli.net/2023/10/14/WIoJE16B7Mf4arP.png">
<meta property="og:image" content="https://s2.loli.net/2023/10/14/9ESYuTQnzilvWDq.png">
<meta property="og:image" content="https://s2.loli.net/2023/10/14/uovJiMQGqW6mUp1.png">
<meta property="og:image" content="https://s2.loli.net/2023/10/14/yn4bHvJI2Y3D1AW.png">
<meta property="og:image" content="https://s2.loli.net/2023/10/14/o7VDuWFgLf51RYe.png">
<meta property="og:image" content="https://s2.loli.net/2023/10/14/h9eCVzFjiSpu5dv.png">
<meta property="og:image" content="https://s2.loli.net/2023/10/14/2UyGgBNuHJtR1Fv.png">
<meta property="og:image" content="https://s2.loli.net/2023/10/14/IZ8t2wgxJyODjPF.png">
<meta property="og:image" content="https://s2.loli.net/2023/10/14/OPtT72pjD3ekBmA.png">
<meta property="og:image" content="https://s2.loli.net/2023/10/14/2gVxmZKuB3Pklqs.png">
<meta property="og:image" content="https://s2.loli.net/2023/10/14/qy4DaLAUxJhKXMn.png">
<meta property="og:image" content="https://s2.loli.net/2023/10/16/VKRgTrmc2uUezlC.png">
<meta property="article:published_time" content="2023-10-15T16:11:31.000Z">
<meta property="article:modified_time" content="2023-11-23T07:48:40.103Z">
<meta property="article:author" content="Jiashi">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:image" content="https://s2.loli.net/2023/10/13/heJj67dS2GIwVyi.png">
  
  
    <meta name="referrer" content="no-referrer-when-downgrade">
  
  
  <title>恶意代码分析 - Blog from js19</title>

  <link  rel="stylesheet" href="https://lib.baomitu.com/twitter-bootstrap/4.6.1/css/bootstrap.min.css" />



  <link  rel="stylesheet" href="https://lib.baomitu.com/github-markdown-css/4.0.0/github-markdown.min.css" />

  <link  rel="stylesheet" href="https://lib.baomitu.com/hint.css/2.7.0/hint.min.css" />

  <link  rel="stylesheet" href="https://lib.baomitu.com/fancybox/3.5.7/jquery.fancybox.min.css" />



<!-- 主题依赖的图标库，不要自行修改 -->
<!-- Do not modify the link that theme dependent icons -->

<link rel="stylesheet" href="//at.alicdn.com/t/font_1749284_hj8rtnfg7um.css">



<link rel="stylesheet" href="//at.alicdn.com/t/font_1736178_lbnruvf0jn.css">


<link  rel="stylesheet" href="/css/main.css" />


  <link id="highlight-css" rel="stylesheet" href="/css/highlight.css" />
  
    <link id="highlight-css-dark" rel="stylesheet" href="/css/highlight-dark.css" />
  




  <script id="fluid-configs">
    var Fluid = window.Fluid || {};
    Fluid.ctx = Object.assign({}, Fluid.ctx)
    var CONFIG = {"hostname":"jiashi19.gitee.io","root":"/","version":"1.9.5-a","typing":{"enable":true,"typeSpeed":70,"cursorChar":"_","loop":false,"scope":[]},"anchorjs":{"enable":true,"element":"h1,h2,h3,h4,h5,h6","placement":"left","visible":"hover","icon":""},"progressbar":{"enable":true,"height_px":3,"color":"#29d","options":{"showSpinner":false,"trickleSpeed":100}},"code_language":{"enable":true,"default":"TEXT"},"copy_btn":true,"image_caption":{"enable":true},"image_zoom":{"enable":true,"img_url_replace":["",""]},"toc":{"enable":true,"placement":"right","headingSelector":"h1,h2,h3,h4,h5,h6","collapseDepth":0},"lazyload":{"enable":true,"loading_img":"/img/loading.gif","onlypost":false,"offset_factor":2},"web_analytics":{"enable":false,"follow_dnt":true,"baidu":null,"google":{"measurement_id":null},"tencent":{"sid":null,"cid":null},"woyaola":null,"cnzz":null,"leancloud":{"app_id":null,"app_key":null,"server_url":null,"path":"window.location.pathname","ignore_local":false}},"search_path":"/local-search.xml","include_content_in_search":true};

    if (CONFIG.web_analytics.follow_dnt) {
      var dntVal = navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack;
      Fluid.ctx.dnt = dntVal && (dntVal.startsWith('1') || dntVal.startsWith('yes') || dntVal.startsWith('on'));
    }
  </script>
  <script  src="/js/utils.js" ></script>
  <script  src="/js/color-schema.js" ></script>
  


  
<meta name="generator" content="Hexo 6.3.0"></head>


<body>
  

  <header>
    

<div class="header-inner" style="height: 70vh;">
  <nav id="navbar" class="navbar fixed-top  navbar-expand-lg navbar-dark scrolling-navbar">
  <div class="container">
    <a class="navbar-brand" href="/">
      <strong>jiashi&#39;s blog</strong>
    </a>

    <button id="navbar-toggler-btn" class="navbar-toggler" type="button" data-toggle="collapse"
            data-target="#navbarSupportedContent"
            aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
      <div class="animated-icon"><span></span><span></span><span></span></div>
    </button>

    <!-- Collapsible content -->
    <div class="collapse navbar-collapse" id="navbarSupportedContent">
      <ul class="navbar-nav ml-auto text-center">
        
          
          
          
          
            <li class="nav-item">
              <a class="nav-link" href="/">
                <i class="iconfont icon-home-fill"></i>
                <span>首页</span>
              </a>
            </li>
          
        
          
          
          
          
            <li class="nav-item">
              <a class="nav-link" href="/archives/">
                <i class="iconfont icon-archive-fill"></i>
                <span>归档</span>
              </a>
            </li>
          
        
          
          
          
          
            <li class="nav-item">
              <a class="nav-link" href="/categories/">
                <i class="iconfont icon-category-fill"></i>
                <span>分类</span>
              </a>
            </li>
          
        
          
          
          
          
            <li class="nav-item">
              <a class="nav-link" href="/tags/">
                <i class="iconfont icon-tags-fill"></i>
                <span>标签</span>
              </a>
            </li>
          
        
          
          
          
          
            <li class="nav-item">
              <a class="nav-link" href="/about/">
                <i class="iconfont icon-user-fill"></i>
                <span>关于</span>
              </a>
            </li>
          
        
        
          <li class="nav-item" id="search-btn">
            <a class="nav-link" target="_self" href="javascript:;" data-toggle="modal" data-target="#modalSearch" aria-label="Search">
              <i class="iconfont icon-search"></i>
            </a>
          </li>
          
        
        
          <li class="nav-item" id="color-toggle-btn">
            <a class="nav-link" target="_self" href="javascript:;" aria-label="Color Toggle">
              <i class="iconfont icon-dark" id="color-toggle-icon"></i>
            </a>
          </li>
        
      </ul>
    </div>
  </div>
</nav>

  

<div id="banner" class="banner" parallax=true
     style="background: url('/img/default.png') no-repeat center center; background-size: cover;">
  <div class="full-bg-img">
    <div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
      <div class="banner-text text-center fade-in-up">
        <div class="h2">
          
            <span id="subtitle" data-typed-text="恶意代码分析"></span>
          
        </div>

        
          
  <div class="mt-3">
    
    
      <span class="post-meta">
        <i class="iconfont icon-date-fill" aria-hidden="true"></i>
        <time datetime="2023-10-16 00:11" pubdate>
          2023年10月16日 凌晨
        </time>
      </span>
    
  </div>

  <div class="mt-1">
    
      <span class="post-meta mr-2">
        <i class="iconfont icon-chart"></i>
        
          1.4k 字
        
      </span>
    

    
      <span class="post-meta mr-2">
        <i class="iconfont icon-clock-fill"></i>
        
        
        
          12 分钟
        
      </span>
    

    
    
  </div>


        
      </div>

      
    </div>
  </div>
</div>

</div>

  </header>

  <main>
    
      

<div class="container-fluid nopadding-x">
  <div class="row nomargin-x">
    <div class="side-col d-none d-lg-block col-lg-2">
      

    </div>

    <div class="col-lg-8 nopadding-x-md">
      <div class="container nopadding-x-md" id="board-ctn">
        <div id="board">
          <article class="post-content mx-auto">
            <h1 id="seo-header">恶意代码分析</h1>
            
            
              <div class="markdown-body">
                
                <h1 id="1-静态分析基础技术"><a href="#1-静态分析基础技术" class="headerlink" title="1 静态分析基础技术"></a>1 静态分析基础技术</h1><h2 id="引言"><a href="#引言" class="headerlink" title="引言"></a>引言</h2><ol>
<li><p>使用反病毒软件来确认程序样本的恶意性；</p>
</li>
<li><p>使用<strong>哈希</strong>来识别恶意代码；</p>
</li>
<li><p>从文件的<strong>字符串列表</strong>、<strong>函数</strong>和<strong>文件头</strong>信息中发掘有用信息。</p>
<span id="more"></span></li>
</ol>
<h2 id="1-1反病毒引擎扫描"><a href="#1-1反病毒引擎扫描" class="headerlink" title="1.1反病毒引擎扫描"></a>1.1反病毒引擎扫描</h2><h2 id="1-2-哈希值分析"><a href="#1-2-哈希值分析" class="headerlink" title="1.2 哈希值分析"></a>1.2 哈希值分析</h2><p>计算md5值并进行分析</p>
<h2 id="1-3-查找字符串-Strings"><a href="#1-3-查找字符串-Strings" class="headerlink" title="1.3 查找字符串 Strings"></a>1.3 查找字符串 Strings</h2><ul>
<li>程序中的字符串就是一段可打印的字符序列，从其中会包含很多信息，比如弹出的消息，读取的位置，链接的URL等等。</li>
<li>使用Strings程序搜索可执行文件的字符串，通常以Unicode和ASCII格式存储。</li>
<li>两种类型格式都以NULL结束符，表示字符串是完整的。ASCII字符串每个字符使用一个字节，Unicode使用两个字节。</li>
<li>有些时候检测到的也并非是真正的字符串，可能是内存地址，CPU指令序列。</li>
</ul>
<h2 id="1-4-加壳与混淆恶意代码"><a href="#1-4-加壳与混淆恶意代码" class="headerlink" title="1.4 加壳与混淆恶意代码"></a>1.4 加壳与混淆恶意代码</h2><ul>
<li>如果strings搜索一个exe有很少的字符串就有可能是混淆的和加壳的。</li>
<li>加壳和混淆代码通常至少包含LoadLibrary和GetProcAddress函数（用来加载和使用其他函数）。</li>
<li>壳分为压缩壳和加密壳。</li>
</ul>
<p>文件加壳原理如下：</p>
<img src="https://s2.loli.net/2023/10/13/heJj67dS2GIwVyi.png" srcset="/img/loading.gif" lazyload alt="image-20231013221204120" style="zoom:80%;" />

<h3 id="用PEiD检测加壳"><a href="#用PEiD检测加壳" class="headerlink" title="用PEiD检测加壳"></a>用PEiD检测加壳</h3><p><img src="https://s2.loli.net/2023/10/14/sJQyBRW7ujvAmiG.png" srcset="/img/loading.gif" lazyload alt="image-20231014091712010"></p>
<h2 id="1-5-PE文件格式"><a href="#1-5-PE文件格式" class="headerlink" title="1.5 PE文件格式"></a>1.5 PE文件格式</h2><ul>
<li>PE（Portable Execute）文件是Windows下可执行文件的总称，常见的有DLL，EXE，OCX，SYS等；</li>
<li>PE是指32位可执行文件，64位的可执行文件称为PE+或者PE32+，并非PE64；</li>
<li>PE文件以一个文件头开始，其中包括：代码信息、应用程序类型、所需的库函数和空间要求。</li>
</ul>
<img src="https://s2.loli.net/2023/10/14/WIoJE16B7Mf4arP.png" srcset="/img/loading.gif" lazyload alt="image-20231014082433696" style="zoom:67%;" />

<p><img src="https://s2.loli.net/2023/10/14/9ESYuTQnzilvWDq.png" srcset="/img/loading.gif" lazyload alt="image-20231014082548506"></p>
<h2 id="1-6-链接库与函数"><a href="#1-6-链接库与函数" class="headerlink" title="1.6 链接库与函数"></a>1.6 链接库与函数</h2><p>导入函数相关信息都保存在PE文件中的导入表中。要找到PE文件的导入表，必须先找到data directory即<strong>数据目录</strong>。</p>
<ul>
<li><p><strong>静态链接</strong></p>
<p>在生成可执行程序时，就把库中的内容加入到程序中。</p>
</li>
<li><p><strong>动态链接</strong></p>
<p>源程序编译后得到的一组目标模块，在装入内存时釆用<strong>边装入边链接</strong>的链接方式。装入一个目标模块时，若发生一个外部模块调用，将引起装入程序去找出相应的外部目标模块，并将它装入内存，还要修改目标模中的相对地址。</p>
</li>
<li><p><strong>运行时链接</strong></p>
<p>有些目标模块的链接，推迟到执行时才进行。即在执行过程中，若发现一个被调用模块尚未装入内存时，由OS去找到该模块，将它装入内存，并把它连接到调用者模块上。对某些目标模块的链接，是在程序执行中需要该目标模块时才进行链接。</p>
<h3 id="查看链接函数"><a href="#查看链接函数" class="headerlink" title="查看链接函数"></a>查看链接函数</h3><p><strong>常见的dll程序</strong>：</p>
<p><img src="https://s2.loli.net/2023/10/14/uovJiMQGqW6mUp1.png" srcset="/img/loading.gif" lazyload alt="image-20231014084030452"></p>
<p>使用<strong>dependency walker</strong>示例：</p>
</li>
</ul>
<p><img src="https://s2.loli.net/2023/10/14/yn4bHvJI2Y3D1AW.png" srcset="/img/loading.gif" lazyload alt="image-20231014083901616"></p>
<p><img src="https://s2.loli.net/2023/10/14/o7VDuWFgLf51RYe.png" srcset="/img/loading.gif" lazyload></p>
<h2 id="1-8-PE文件头与分节"><a href="#1-8-PE文件头与分节" class="headerlink" title="1.8 PE文件头与分节"></a>1.8 PE文件头与分节</h2><p><img src="https://s2.loli.net/2023/10/14/h9eCVzFjiSpu5dv.png" srcset="/img/loading.gif" lazyload alt="image-20231014091306904"></p>
<h1 id="2-动态分析基础技术"><a href="#2-动态分析基础技术" class="headerlink" title="2 动态分析基础技术"></a>2 动态分析基础技术</h1><h2 id="2-1-沙箱"><a href="#2-1-沙箱" class="headerlink" title="2.1 沙箱"></a>2.1 沙箱</h2><h2 id="2-2-运行恶意代码"><a href="#2-2-运行恶意代码" class="headerlink" title="2.2 运行恶意代码"></a>2.2 运行恶意代码</h2><p>运行DLL：rundll32.exe</p>
<h2 id="2-3-进程监视器-进程浏览器"><a href="#2-3-进程监视器-进程浏览器" class="headerlink" title="2.3 进程监视器&amp;进程浏览器"></a>2.3 进程监视器&amp;进程浏览器</h2><p>使用<strong>process explorer</strong> 查看动态链接的dll</p>
<p><img src="https://s2.loli.net/2023/10/14/2UyGgBNuHJtR1Fv.png" srcset="/img/loading.gif" lazyload alt="image-20231014093759868"></p>
<p><img src="https://s2.loli.net/2023/10/14/IZ8t2wgxJyODjPF.png" srcset="/img/loading.gif" lazyload alt="image-20231014103612399"></p>
<p>使用<strong>process monitor</strong> 设置过滤查看指定进程 </p>
<p><img src="https://s2.loli.net/2023/10/14/OPtT72pjD3ekBmA.png" srcset="/img/loading.gif" lazyload alt="image-20231014104428079"></p>
<p><img src="https://s2.loli.net/2023/10/14/2gVxmZKuB3Pklqs.png" srcset="/img/loading.gif" lazyload alt="image-20231014104437688"></p>
<p>根据上例，双击第三行的regsetvalue，可以查看写入注册表的信息。</p>
<img src="https://s2.loli.net/2023/10/14/qy4DaLAUxJhKXMn.png" srcset="/img/loading.gif" lazyload alt="image-20231014104715318" style="zoom:67%;" />

<h2 id="2-4-regshot-注册表快照"><a href="#2-4-regshot-注册表快照" class="headerlink" title="2.4 regshot 注册表快照"></a>2.4 regshot 注册表快照</h2><p><img src="https://s2.loli.net/2023/10/16/VKRgTrmc2uUezlC.png" srcset="/img/loading.gif" lazyload alt="image-20231014111105454"></p>
<h2 id="2-5-模拟网络"><a href="#2-5-模拟网络" class="headerlink" title="2.5 模拟网络"></a>2.5 模拟网络</h2><p>使用apatedns和inetsim配置本地模拟服务器</p>
<ul>
<li><p>在kali中，修改 &#x2F;etc&#x2F;inetsim&#x2F;inetsim.conf，启动inetsim</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><code class="hljs .conf">#192.168.109.131为INetSim安装的虚拟机IP<br>service_bind_address 192.168.109.131<br>dns_default_ip  192.168.134.109.131 <br></code></pre></td></tr></table></figure>
</li>
<li><p>在xp中，启动apatedns，配置dns reply IP为192.168.109.131（kali 的ip）</p>
</li>
</ul>

                
              </div>
            
            <hr/>
            <div>
              <div class="post-metas my-3">
  
    <div class="post-meta mr-3 d-flex align-items-center">
      <i class="iconfont icon-category"></i>
      

<span class="category-chains">
  
  
    
      <span class="category-chain">
        
  <a href="/categories/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%88%86%E6%9E%90/" class="category-chain-item">恶意代码分析</a>
  
  

      </span>
    
  
</span>

    </div>
  
  
</div>


              
  

  <div class="license-box my-3">
    <div class="license-title">
      <div>恶意代码分析</div>
      <div>https://jiashi19.gitee.io/2023/10/16/恶意代码分析/</div>
    </div>
    <div class="license-meta">
      
        <div class="license-meta-item">
          <div>作者</div>
          <div>Jiashi</div>
        </div>
      
      
        <div class="license-meta-item license-meta-date">
          <div>发布于</div>
          <div>2023年10月16日</div>
        </div>
      
      
      
        <div class="license-meta-item">
          <div>许可协议</div>
          <div>
            
              
              
                <a class="print-no-link" target="_blank" href="https://creativecommons.org/licenses/by/4.0/">
                  <span class="hint--top hint--rounded" aria-label="BY - 署名">
                    <i class="iconfont icon-by"></i>
                  </span>
                </a>
              
            
          </div>
        </div>
      
    </div>
    <div class="license-icon iconfont"></div>
  </div>



              
                <div class="post-prevnext my-3">
                  <article class="post-prev col-6">
                    
                    
                      <a href="/2023/10/16/ctf-web-php%E4%BC%AA%E5%8D%8F%E8%AE%AE/" title="ctf-web-php伪协议">
                        <i class="iconfont icon-arrowleft"></i>
                        <span class="hidden-mobile">ctf-web-php伪协议</span>
                        <span class="visible-mobile">上一篇</span>
                      </a>
                    
                  </article>
                  <article class="post-next col-6">
                    
                    
                      <a href="/2023/10/12/%E7%BC%93%E5%86%B2%E5%8C%BA%E6%BA%A2%E5%87%BA/" title="缓冲区溢出">
                        <span class="hidden-mobile">缓冲区溢出</span>
                        <span class="visible-mobile">下一篇</span>
                        <i class="iconfont icon-arrowright"></i>
                      </a>
                    
                  </article>
                </div>
              
            </div>

            
          </article>
        </div>
      </div>
    </div>

    <div class="side-col d-none d-lg-block col-lg-2">
      
  <aside class="sidebar" style="margin-left: -1rem">
    <div id="toc">
  <p class="toc-header">
    <i class="iconfont icon-list"></i>
    <span>目录</span>
  </p>
  <div class="toc-body" id="toc-body"></div>
</div>



  </aside>


    </div>
  </div>
</div>





  



  



  



  



  







    

    
      <a id="scroll-top-button" aria-label="TOP" href="#" role="button">
        <i class="iconfont icon-arrowup" aria-hidden="true"></i>
      </a>
    

    
      <div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
     aria-hidden="true">
  <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
    <div class="modal-content">
      <div class="modal-header text-center">
        <h4 class="modal-title w-100 font-weight-bold">搜索</h4>
        <button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
          <span aria-hidden="true">&times;</span>
        </button>
      </div>
      <div class="modal-body mx-3">
        <div class="md-form mb-5">
          <input type="text" id="local-search-input" class="form-control validate">
          <label data-error="x" data-success="v" for="local-search-input">关键词</label>
        </div>
        <div class="list-group" id="local-search-result"></div>
      </div>
    </div>
  </div>
</div>

    

    
  </main>

  <footer>
    <div class="footer-inner">
  
    <div class="footer-content">
       <a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>Hexo</span></a> <i class="iconfont icon-love"></i> <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener"><span>Fluid</span></a> 
    </div>
  
  
    <div class="statistics">
  
  

  
    
      <span id="busuanzi_container_site_pv" style="display: none">
        总访问量 
        <span id="busuanzi_value_site_pv"></span>
         次
      </span>
    
    
      <span id="busuanzi_container_site_uv" style="display: none">
        总访客数 
        <span id="busuanzi_value_site_uv"></span>
         人
      </span>
    
    
  
</div>

  
  
  
</div>

  </footer>

  <!-- Scripts -->
  
  <script  src="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.js" ></script>
  <link  rel="stylesheet" href="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.css" />

  <script>
    NProgress.configure({"showSpinner":false,"trickleSpeed":100})
    NProgress.start()
    window.addEventListener('load', function() {
      NProgress.done();
    })
  </script>


<script  src="https://lib.baomitu.com/jquery/3.6.4/jquery.min.js" ></script>
<script  src="https://lib.baomitu.com/twitter-bootstrap/4.6.1/js/bootstrap.min.js" ></script>
<script  src="/js/events.js" ></script>
<script  src="/js/plugins.js" ></script>


  <script  src="https://lib.baomitu.com/typed.js/2.0.12/typed.min.js" ></script>
  <script>
    (function (window, document) {
      var typing = Fluid.plugins.typing;
      var subtitle = document.getElementById('subtitle');
      if (!subtitle || !typing) {
        return;
      }
      var text = subtitle.getAttribute('data-typed-text');
      
        typing(text);
      
    })(window, document);
  </script>




  
    <script  src="/js/img-lazyload.js" ></script>
  




  
<script>
  Fluid.utils.createScript('https://lib.baomitu.com/tocbot/4.20.1/tocbot.min.js', function() {
    var toc = jQuery('#toc');
    if (toc.length === 0 || !window.tocbot) { return; }
    var boardCtn = jQuery('#board-ctn');
    var boardTop = boardCtn.offset().top;

    window.tocbot.init(Object.assign({
      tocSelector     : '#toc-body',
      contentSelector : '.markdown-body',
      linkClass       : 'tocbot-link',
      activeLinkClass : 'tocbot-active-link',
      listClass       : 'tocbot-list',
      isCollapsedClass: 'tocbot-is-collapsed',
      collapsibleClass: 'tocbot-is-collapsible',
      scrollSmooth    : true,
      includeTitleTags: true,
      headingsOffset  : -boardTop,
    }, CONFIG.toc));
    if (toc.find('.toc-list-item').length > 0) {
      toc.css('visibility', 'visible');
    }

    Fluid.events.registerRefreshCallback(function() {
      if ('tocbot' in window) {
        tocbot.refresh();
        var toc = jQuery('#toc');
        if (toc.length === 0 || !tocbot) {
          return;
        }
        if (toc.find('.toc-list-item').length > 0) {
          toc.css('visibility', 'visible');
        }
      }
    });
  });
</script>


  <script src=https://lib.baomitu.com/clipboard.js/2.0.11/clipboard.min.js></script>

  <script>Fluid.plugins.codeWidget();</script>


  
<script>
  Fluid.utils.createScript('https://lib.baomitu.com/anchor-js/4.3.1/anchor.min.js', function() {
    window.anchors.options = {
      placement: CONFIG.anchorjs.placement,
      visible  : CONFIG.anchorjs.visible
    };
    if (CONFIG.anchorjs.icon) {
      window.anchors.options.icon = CONFIG.anchorjs.icon;
    }
    var el = (CONFIG.anchorjs.element || 'h1,h2,h3,h4,h5,h6').split(',');
    var res = [];
    for (var item of el) {
      res.push('.markdown-body > ' + item.trim());
    }
    if (CONFIG.anchorjs.placement === 'left') {
      window.anchors.options.class = 'anchorjs-link-left';
    }
    window.anchors.add(res.join(', '));

    Fluid.events.registerRefreshCallback(function() {
      if ('anchors' in window) {
        anchors.removeAll();
        var el = (CONFIG.anchorjs.element || 'h1,h2,h3,h4,h5,h6').split(',');
        var res = [];
        for (var item of el) {
          res.push('.markdown-body > ' + item.trim());
        }
        if (CONFIG.anchorjs.placement === 'left') {
          anchors.options.class = 'anchorjs-link-left';
        }
        anchors.add(res.join(', '));
      }
    });
  });
</script>


  
<script>
  Fluid.utils.createScript('https://lib.baomitu.com/fancybox/3.5.7/jquery.fancybox.min.js', function() {
    Fluid.plugins.fancyBox();
  });
</script>


  <script>Fluid.plugins.imageCaption();</script>

  <script  src="/js/local-search.js" ></script>

  <script defer src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js" ></script>





<!-- 主题的启动项，将它保持在最底部 -->
<!-- the boot of the theme, keep it at the bottom -->
<script  src="/js/boot.js" ></script>


  

  <noscript>
    <div class="noscript-warning">博客在允许 JavaScript 运行的环境下浏览效果更佳</div>
  </noscript>
</body>
</html>
